cat-users - Re: [[cat-users]] SHA1 sunsetting

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] SHA1 sunsetting
  • Date: Thu, 7 Apr 2016 20:57:26 +0200

Hi Alan,

On 07.04.2016 at 14:39, A.L.M.Buxey AT lboro.ac.uk wrote:
> Hi,
>
>> > So, looking at that setup it doesn't matter that my root cert is SHA1, but
>> > we'll likely hit issues if the server cert is SHA1. However as that's not
>> > set up on the user devices I would guess that if I use the same root CA to
>> > create a new SHA256 server certificate with the same common name and tell
>> > the radius server to send that instead it would be transparent to users?
> pretty much - certainly until clients get fussy about SHA1 root CAs... however,
Anything is possible of course, but getting fussy about that would be
plain stupid. The trust is in the CA public key not in any hashes.
What the clients *could* rightly get fussy about would be the key length
of the CA.

Tomasz

--
Tomasz Wolniewicz

twoln AT umk.pl
http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne / Information & Communication Technology Centre
Uniwersytet Mikolaja Kopernika / Nicolaus Copernicus University
pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 mobile: +48-693-032-576
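
The distinction drawn in this message, as an added example that is not part of the original post or of any eduroam CAT code: an audit rule that ignores the self-signature hash on an installed trust anchor, flags SHA1 signatures on every other certificate, and checks key length everywhere. The `Cert` class, the certificate names and the 2048-bit minimum are assumptions made for illustration.

```python
# Added example: audit policy over certificate metadata (all values constructed).
from dataclasses import dataclass

WEAK_HASHES = {"md5", "sha1"}   # signature hashes to flag on non-anchor certs
MIN_RSA_BITS = 2048             # assumed minimum; set according to local policy


@dataclass
class Cert:                      # hypothetical container, not a library type
    subject: str
    issuer: str
    sig_hash: str                # hash used in the signature ON this certificate
    key_bits: int                # size of this certificate's own RSA public key
    trust_anchor: bool = False   # True if pre-installed on the client device


def audit_chain(chain):
    """Return a list of (subject, finding) tuples for a leaf-to-root chain."""
    findings = []
    for cert in chain:
        # Key length matters for every certificate, the root included.
        if cert.key_bits < MIN_RSA_BITS:
            findings.append((cert.subject, f"key too short ({cert.key_bits} bits)"))
        anchor = cert.trust_anchor and cert.subject == cert.issuer
        # The client trusts an installed anchor's public key directly, so the
        # hash in the anchor's self-signature is not part of the trust decision.
        if not anchor and cert.sig_hash.lower() in WEAK_HASHES:
            findings.append((cert.subject, f"signed with {cert.sig_hash}"))
    return findings


# Constructed sample data: one root, the old and the re-issued server certificate.
ROOT = Cert("Example Root CA", "Example Root CA", "sha1", 2048, trust_anchor=True)
OLD_SERVER = Cert("radius.example.org", "Example Root CA", "sha1", 2048)
NEW_SERVER = Cert("radius.example.org", "Example Root CA", "sha256", 2048)
SHORT_ROOT = Cert("Old Root CA", "Old Root CA", "sha256", 1024, trust_anchor=True)

if __name__ == "__main__":
    for name, chain in [("old", [OLD_SERVER, ROOT]), ("new", [NEW_SERVER, ROOT])]:
        print(name, audit_chain(chain))
```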



